Red Hat Product Errata RHSA-2014:0624 - Security Advisory
Issued:
2014-06-05
Updated:
2014-06-05

RHSA-2014:0624 - Security Advisory

Synopsis

Important: openssl security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability

Red Hat Enterprise Linux Server 5

SRPM
openssl-0.9.8e-27.el5_10.3.src.rpm SHA-256: 91a8b5889c3c534053fbad42bbda404b15258432639053e9192ca41eef12fead
x86_64
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 8e682abc76be09e396a2cb8419968dd0e2041179e8536cf39f3c4e010df2464a
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: e0b53c1abc5bedfaca569291aa92017d9bdfe85fcbd3c0fa9b332e7fcd63ab6b
openssl-devel-0.9.8e-27.el5_10.3.i386.rpm SHA-256: e79b6c231dea63b74084b51b93292cc69e766a424f35b01cd749a1c22a1d89f8
openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 6f59ac1d818133b4a7d6da5c4a0a1e7bb0b6eec9048035668005427fa184c2f8
openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: ff5baf013c47a8d26fae9855aa48507b284aa583fdcf640d4975531775424c42
ia64
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-0.9.8e-27.el5_10.3.ia64.rpm SHA-256: 57fbd1e9719798cfe2ed99b32342193393e675a975a2990e769ea3cd257ae866
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-debuginfo-0.9.8e-27.el5_10.3.ia64.rpm SHA-256: 642cf6fa44dcbbba7b3d9d7c082083e21439bb207b49b8eea9a5ec4eeb19d820
openssl-devel-0.9.8e-27.el5_10.3.ia64.rpm SHA-256: 20c968687cf356b7ed2db0c367acf7d68aa6505c717ee89ceb5574fe82a8956c
openssl-perl-0.9.8e-27.el5_10.3.ia64.rpm SHA-256: e864e873cd014fbb92e99a684a3fe57685c688bef56cfe91adec1edeb110d1cd
i386
openssl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 8cb59d50a7dbfa0653c9b7b7f84225432ba851840188d78a7a221878ecb35adb
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-devel-0.9.8e-27.el5_10.3.i386.rpm SHA-256: e79b6c231dea63b74084b51b93292cc69e766a424f35b01cd749a1c22a1d89f8
openssl-perl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 9c4ff27857bbbfae01ccd46c9fb8048a3b1b8557ff6e1a3f7ac529b51f3f591a

Red Hat Enterprise Linux Workstation 5

SRPM
openssl-0.9.8e-27.el5_10.3.src.rpm SHA-256: 91a8b5889c3c534053fbad42bbda404b15258432639053e9192ca41eef12fead
x86_64
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 8e682abc76be09e396a2cb8419968dd0e2041179e8536cf39f3c4e010df2464a
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: e0b53c1abc5bedfaca569291aa92017d9bdfe85fcbd3c0fa9b332e7fcd63ab6b
openssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: e0b53c1abc5bedfaca569291aa92017d9bdfe85fcbd3c0fa9b332e7fcd63ab6b
openssl-devel-0.9.8e-27.el5_10.3.i386.rpm SHA-256: e79b6c231dea63b74084b51b93292cc69e766a424f35b01cd749a1c22a1d89f8
openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 6f59ac1d818133b4a7d6da5c4a0a1e7bb0b6eec9048035668005427fa184c2f8
openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: ff5baf013c47a8d26fae9855aa48507b284aa583fdcf640d4975531775424c42
i386
openssl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 8cb59d50a7dbfa0653c9b7b7f84225432ba851840188d78a7a221878ecb35adb
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-devel-0.9.8e-27.el5_10.3.i386.rpm SHA-256: e79b6c231dea63b74084b51b93292cc69e766a424f35b01cd749a1c22a1d89f8
openssl-perl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 9c4ff27857bbbfae01ccd46c9fb8048a3b1b8557ff6e1a3f7ac529b51f3f591a

Red Hat Enterprise Linux Desktop 5

SRPM
openssl-0.9.8e-27.el5_10.3.src.rpm SHA-256: 91a8b5889c3c534053fbad42bbda404b15258432639053e9192ca41eef12fead
x86_64
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 8e682abc76be09e396a2cb8419968dd0e2041179e8536cf39f3c4e010df2464a
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: e0b53c1abc5bedfaca569291aa92017d9bdfe85fcbd3c0fa9b332e7fcd63ab6b
openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: ff5baf013c47a8d26fae9855aa48507b284aa583fdcf640d4975531775424c42
i386
openssl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 8cb59d50a7dbfa0653c9b7b7f84225432ba851840188d78a7a221878ecb35adb
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-perl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 9c4ff27857bbbfae01ccd46c9fb8048a3b1b8557ff6e1a3f7ac529b51f3f591a

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssl-0.9.8e-27.el5_10.3.src.rpm SHA-256: 91a8b5889c3c534053fbad42bbda404b15258432639053e9192ca41eef12fead
s390x
openssl-0.9.8e-27.el5_10.3.s390.rpm SHA-256: 772ab8eb8bb0dafb96f391a8fed72dff2462c44becc4009b3b9593c6c662e4c3
openssl-0.9.8e-27.el5_10.3.s390x.rpm SHA-256: 641df4f028c1facb02592bc26ebcad91c8d41007e7b6df738d1c9cd452f8d2b9
openssl-debuginfo-0.9.8e-27.el5_10.3.s390.rpm SHA-256: ba651bb892251f790c1f6667f1c61d668b25c932e0f2c07ccb43a2255ffe01d0
openssl-debuginfo-0.9.8e-27.el5_10.3.s390x.rpm SHA-256: 64178f93589e28d35862f931e95841416c837b10fd0c3780e4b9947977c62468
openssl-devel-0.9.8e-27.el5_10.3.s390.rpm SHA-256: b8b7f9f6bbaee2d85394161011ac990cd6b97f8155597b79db3aff6cc0abbf22
openssl-devel-0.9.8e-27.el5_10.3.s390x.rpm SHA-256: 051c12dc43f2109b994ab0b1d05100e6a3055a01dd679e00abca5295208e5aeb
openssl-perl-0.9.8e-27.el5_10.3.s390x.rpm SHA-256: 08dbf8f26d4bc9fd378ff65197e7854111adff1090d42ecfa41c7d742f69da92

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssl-0.9.8e-27.el5_10.3.src.rpm SHA-256: 91a8b5889c3c534053fbad42bbda404b15258432639053e9192ca41eef12fead
ppc
openssl-0.9.8e-27.el5_10.3.ppc.rpm SHA-256: 6443e29bd010d48ee74c0a6651c8454e526f250cc76f8c257969b9e5d939a6a6
openssl-0.9.8e-27.el5_10.3.ppc64.rpm SHA-256: 4f3ffcb84f146b51ca89b001360998f55bdb12886aed31a68c7ab6072dc57b2e
openssl-debuginfo-0.9.8e-27.el5_10.3.ppc.rpm SHA-256: ec5a3f9b8f20064dd0cc6b24b3cec03fb47d1b3f5f295452e780208d88f2ba67
openssl-debuginfo-0.9.8e-27.el5_10.3.ppc64.rpm SHA-256: 9bbcf321c45bea3bb6f12523aa0f6075a96b3ac8c0a093bc7fb6927186cbaded
openssl-devel-0.9.8e-27.el5_10.3.ppc.rpm SHA-256: 0ad0d4b8e82e49d5e11803ae567758de7cdd04e9832541b6092a157b2a7eb2ee
openssl-devel-0.9.8e-27.el5_10.3.ppc64.rpm SHA-256: 02b5fae0fb803e9837fa875eb4d3006b1835d1bdc6d03f43f79b8555d7c239db
openssl-perl-0.9.8e-27.el5_10.3.ppc.rpm SHA-256: 2c9219c456d97b1ea58e4a84dff15af3b251a03c95f3613e49a03b397ad48046

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssl-0.9.8e-27.el5_10.3.src.rpm SHA-256: 91a8b5889c3c534053fbad42bbda404b15258432639053e9192ca41eef12fead
x86_64
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 8e682abc76be09e396a2cb8419968dd0e2041179e8536cf39f3c4e010df2464a
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: e0b53c1abc5bedfaca569291aa92017d9bdfe85fcbd3c0fa9b332e7fcd63ab6b
openssl-devel-0.9.8e-27.el5_10.3.i386.rpm SHA-256: e79b6c231dea63b74084b51b93292cc69e766a424f35b01cd749a1c22a1d89f8
openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: 6f59ac1d818133b4a7d6da5c4a0a1e7bb0b6eec9048035668005427fa184c2f8
openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm SHA-256: ff5baf013c47a8d26fae9855aa48507b284aa583fdcf640d4975531775424c42
i386
openssl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 8cb59d50a7dbfa0653c9b7b7f84225432ba851840188d78a7a221878ecb35adb
openssl-0.9.8e-27.el5_10.3.i686.rpm SHA-256: aa41f7231300018d1dc20177cdf24972d2538702bc4a507dcbd8d39c4ff01473
openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 5557c93466eb664f5df30786672c4ea2fa58049f9b75a5b5f385b804037fd5b2
openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm SHA-256: b5a59aab694219f927264379ada64e0d77358e5605f28284aad757c6a756bb3d
openssl-devel-0.9.8e-27.el5_10.3.i386.rpm SHA-256: e79b6c231dea63b74084b51b93292cc69e766a424f35b01cd749a1c22a1d89f8
openssl-perl-0.9.8e-27.el5_10.3.i386.rpm SHA-256: 9c4ff27857bbbfae01ccd46c9fb8048a3b1b8557ff6e1a3f7ac529b51f3f591a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.